Customers' names, e-mail addresses and encrypted passwords were exposed.
"MyTalk is Jawbone’s Web-based tool for customizing the company’s Bluetooth devices," writes Macworld's Lex Friedman. "You can use the site to, say, install custom voices or toggle advanced settings on a Big Jambox, or install certain apps on earpieces, and such."
"One customer, Dave Zatz, posted the message he received from Jawbone on Twitter," writes VentureBeat's Meghan Kelly. "It reads, in part: 'Based on our investigation to date, we do not believe there has been any unauthorized use of login information or unauthorized access to information in your account.' It continues to say that the password has been 'disabled' and you can reset the password by visiting the user reset page and completing emailed instructions."
"What remains a mystery, however, is how many Jawbone customers were impacted and just how Jawbone stored the encrypted passwords," writes Sophos' Graham Cluley. "For instance, there's no indication that the hashed passwords were salted to introduce a random factor that would make them significantly harder to crack."